Europeans Berate Bank Group and Overseer for U.S. Access to Data

By DAN BILEFSKY

Published: October 5, 2006

European Union legislators lashed out Wednesday at a banking consortium and one of its key supervisors, the European Central Bank, which acknowledged that it had known for years that the consortium was giving confidential banking records to United States authorities.

Last week, the Belgian privacy commission accused the consortium, called Swift, for the Society for Worldwide Interbank Financial Telecommunications, of flouting European data protection rules by allowing analysts from the Central Intelligence Agency and officials from other United States agencies to search millions of confidential financial transactions for possible terrorist financing activity.

An investigation by the privacy commission concluded that Swift had breached European privacy rules, calling the secret transfer of confidential information ''a gross miscalculation.'' A separate European Union group is investigating whether Swift, which is based in Belgium, violated European banking law and is considering whether an independent auditor should be appointed to prevent privacy abuses.

In a heated parliamentary hearing, lawmakers said Swift and its overseers had ignored privacy rules by not telling the European Union or European citizens of the transfers.

Several called on Swift to move its United States operations to Canada to prevent the United States from breaching European civil liberties. Others wanted to know why they had learned of the transfers from a report in The New York Times on June 23 rather than from the European Central Bank, which knew of them as early as June 2002. But the lawmakers took no immediate action.

''What we have seen is a culture clash between Europe and the U.S., in which the Americans think they can do whatever they want in the fight against terror,'' said Sophie in 't Veld, a Dutch legislator and advocate of civil liberties. ''The European Central Bank and other European institutions that oversee Swift are partly responsible for failing to have informed European citizens when they learned about the transfers.''

But the president of the European Central Bank, Jean-Claude Trichet, said that such powers were beyond the authority of his bank or of European national banks. ''We made it clear orally and in writing to Swift that we had absolutely no competence and of course it was up to them to take their own actions and decisions,'' he said of Swift's notice to the bank that it had received subpoenas for the data from the United States.

''We gave no blessing to Swift to comply with U.S. subpoenas,'' he said. ''But the E.C.B. has no authority to supervise Swift with regard to compliance with data protection laws.''

His view was echoed by Peter Praet, president of the National Bank of Belgium, which leads an oversight group for Swift that includes the E.C.B., the Bank of Japan and the Federal Reserve. He said the National Bank had concluded that the transfers were outside its competence because they posed no threat to financial stability, which is the bank's main responsibility.

Mr. Trichet said the Swift affair had underlined the need for common rules on how to reconcile protecting data and fighting terrorism.

Under European law, companies are forbidden to transfer confidential personal data to another country unless that country offers adequate protections. The European Union does not consider the United States to be a country that offers sufficient legal protections for individual data.

But the lawmakers said Swift was in a legal quagmire because of confusion over which rules to obey.